US Telecoms Customers Are Under Attack From Chinese Hackers

Ever heard of Stone Panda or Red Apollo or Hogfish or menuPass or APT10? All have been identified as China-based hacking groups. APT10 members Zhu Hua and Zhang Shilong were indicted last December in the Federal District Court for the Southern District of New York on charges of conspiracy to commit computer intrusions, conspiracy to commit wire fraud and aggravated identity theft. Both men are believed to be in China and have not yet been arrested by U.S. authorities.

APT10 and various other China-based hacking groups have been operating since at least 2006, when they gained unauthorized access to computers at 45 tech companies and governments in 12 states, stealing hundreds of gigabytes of data, including from the NASA Goddard Space Center and the Jet Propulsion Laboratory. Personnel records of more than 100,000 members of the U.S. Navy were also stolen, along with data from 25 other tech-related companies and the U.S. Department of Energy’s Lawrence Berkeley National Laboratory.

China has a long history of infiltrating the U.S. government and American companies for nefarious purposes.

Just last week, APT10 was implicated in an email phishing attack on three U.S. utility companies, in which the emails impersonated a legitimate U.S. national licensing board, the National Council of Examiners for Engineering and Surveying. Whether or not APT10 was involved, the attack on U.S. utilities, according to Proofpoint, “highlights a continuing global risk from nation-state actors. … Persistent targeting of any entity that provides critical infrastructure should be considered an acute risk with a potential impact beyond the immediate targets.”

“Nation-state actors” implies government knowledge of the hacking groups. And that is just what the December indictment said was true of Zhu and Zhang: “The defendants worked for a company in China called Huaying Haitai Science and Technology Development Company (Huaying Haitai) and acted in association with the Chinese Ministry of State Security’s Tianjin State Security Bureau.”

Under Chinese law, if asked, Chinese companies must cooperate with the government in gathering intelligence, although government officials claim the companies must follow local laws to the letter.

The most well-publicized of China’s alleged nation-state actors has to be Huawei Technologies, the world’s second-largest maker of smartphones and one of its largest makers of networking equipment. Sales of the company’s products were banned in the United States about a year ago, and earlier this year U.S. companies were forbidden from selling hardware or software components to the company.

Many details of what Huawei is accused of having done have been withheld, but a 10-count indictment against the company came down from the Federal District Court for Western Washington State in January of this year, charging the company with theft of trade secrets conspiracy, attempted theft of trade secrets, wire fraud and obstruction of justice in a campaign to steal trade secrets from T-Mobile. During the investigation, the FBI got its hands on emails from 2013 in which Huawei offered bonuses to employees who stole valuable data from other companies.

The attacks against telecom operators like T-Mobile likely are related to Huawei’s (and China’s) race to dominate the coming world of 5G mobile networking. 5G not only promises faster speed for internet users, but the faster network also is expected to connect millions of smart-home devices and is virtually irreplaceable as the vehicle-to-vehicle communication pathway that will someday repay all the hype, expense and effort behind self-driving cars.

There is plenty of evidence that dedicated Chinese hacker groups, including some that are government-supported, have the capabilities to steal personal, company and even government data. The attacks against T-Mobile sought data such as call logs and cell tower locations.

It doesn’t take a lot of imagination to think of how such information could be used to disrupt U.S. mobile communications. But the U.S. Food and Drug Administration has pointed out that there are even more critical devices needed for common conditions such as diabetes that could be at risk.